301 matches found
Openfire Administration Console - Authentication Bypass
Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup...
Design and Implementation of an Open-Source Security Framework for Cloud Infrastructure
Misconfiguration, excessive privilege, and tool fragmentation remain the main reasons why enterprise cloud environments are breached. Recent reports on cloud-native application protection note that most incidents can be traced back to configuration or identity errors rather than platform flaws, a...
[SECURITY] Fedora 43 Update: python-diskcache-5.6.3-12.fc43
DiskCache is an Apache2 licensed disk and file backed cache library, written in pure-Python, and compatible with Django...
EUVD-2023-44786
Malicious code in bioql PyPI...
EUVD-2023-45144
Malicious code in bioql PyPI...
log4shell-detector
This is a Gradle wrapper script for a Java project. Here's a breakdown of the key points: Purpose: The script is used to start a Gradle build process. License: The script is licensed under the Apache License, Version 2.0. Functionality: The script sets up the environment for the Gradle build...
Exploit for Expression Language Injection in Atlassian Confluence_Data_Center
This repository is a collection of proof-of-concept PoC exploits from Datadog Security Labs. The exploits are designed to demonstrate vulnerabilities in various software products, including Confluence, OpenSSL, and Spring. The repository contains code and instructions for running the exploits, as...
Moderate: Red Hat Security Advisory: freerdp security update
An update for freerdp is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
freerdp bug fix update
An update is available for freerdp. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released...
aflnet_profuzzbench
It is an offensive tool for network protocols. The primary CVE ID is not present in the provided context, but the tool is an extension of American Fuzzy Lop AFL, which is a greybox fuzzer for protocol implementations. The tool, AFLNet, is seeded with a corpus of recorded message exchanges between...
FreeBSD : Openfire administration console authentication bypass (9bcff2c4-1779-11ef-b489-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 9bcff2c4-1779-11ef-b489-b42e991fc52e advisory. - Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative...
Oracle Linux 9 : freerdp (ELSA-2024-2208)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2208 advisory. 2:2.11.2-1 - Update to 2.11.2 RHEL-4290, RHEL-4292, RHEL-4296, RHEL-4298, RHEL-4300, RHEL-4302, RHEL-4304, RHEL-4306, RHEL-4308, RHEL-4310, RHEL-4312,...
Moderate: freerdp security update
FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fixes: freerdp: Incorrect offset calculation leading to DOS CVE-2023-39350...
[SECURITY] Fedora 40 Update: tomcat-9.0.83-3.fc40
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...
BIT-OPENFIRE-2023-32315
Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup...
BIT-MINIO-2021-21287 Server-Side Request Forgery in MinIO Browser API
MinIO is a High Performance Object Storage released under Apache License v2.0. In MinIO before version RELEASE.2021-01-30T00-20-58Z there is a server-side request forgery vulnerability. The target application may have functionality for importing data from a URL, publishing data to a URL, or...
CentOS 9 : freerdp-2.4.1-2.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the freerdp-2.4.1-2.el9 build changelog. - FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. All FreeRDP clients prior to...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : freerdp (SUSE-SU-2023:4893-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4893-1 advisory. - FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache...
Debian dla-3654 : freerdp2-dev - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3654 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3654-1 [email protected]...
Fedora 39 : freerdp (2023-74108ca60d)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-74108ca60d advisory. Update to 2.11.1 ---- Update to 2.11.0 CVE-2023-39350, CVE-2023-39351, CVE-2023-39352, CVE-2023-39353, CVE-2023-39354, CVE-2023-39356, CVE-2023-4018...